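/**
 * Form-login endpoint: authenticates the submitted credentials and, on success,
 * binds the user to the request, rotates the session id and answers with a 302
 * to the post-login target.
 *
 * <p>The redirect target is chosen in this order: the value stored under
 * {@code REDIRECT_KEY} in the session, then the {@code return_url} form field,
 * then {@code "/"}. Both candidates are untrusted and are only honoured when they
 * are same-site absolute paths (see {@link #localRedirectTarget(String)}), so a
 * crafted login link cannot bounce a freshly authenticated user to another host.
 *
 * @param username  form field; 400 when absent or empty
 * @param password  form field; 400 when absent or empty
 * @param returnUrl optional {@code return_url} form field, used only if no session target exists
 * @param session   current session, may be {@code null} (then no target is stored/removed)
 * @param ctx       routing context that receives the authenticated user
 * @param auth      authentication provider
 * @return 400 on missing input, 302 on success, 403 when authentication fails
 * @throws URISyntaxException retained for source compatibility; not thrown by this body
 */
@POST
@Path("/loginAuth")
public Single<Response> loginAuth(@FormParam("username") String username,
                                  @FormParam("password") String password,
                                  @FormParam("return_url") String returnUrl,
                                  @Context Session session,
                                  @Context RoutingContext ctx,
                                  @Context AuthProvider auth) throws URISyntaxException {
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        return Single.just(Response.status(Status.BAD_REQUEST).build());
    }
    JsonObject authInfo = new JsonObject().put("username", username).put("password", password);
    return auth.rxAuthenticate(authInfo).map(user -> {
        ctx.setUser(user);
        String storedTarget = null;
        if (session != null) {
            // The user has upgraded from unauthenticated to authenticated: rotate the
            // session id as recommended by OWASP (session fixation).
            session.regenerateId();
            // Read the stored target inside the null guard; the original dereferenced
            // the session unconditionally and would NPE without one.
            storedTarget = session.remove(REDIRECT_KEY);
        }
        String redirectUrl = localRedirectTarget(storedTarget);
        if (redirectUrl == null) {
            redirectUrl = localRedirectTarget(returnUrl);
        }
        if (redirectUrl == null) {
            redirectUrl = "/";
        }
        // Already validated by localRedirectTarget, so URI.create cannot fail here.
        return Response.status(Status.FOUND).location(URI.create(redirectUrl)).build();
    }).onErrorReturn(t ->
        // NOTE(review): the provider's failure message is echoed to the client; this is
        // only acceptable while those messages stay generic (no internal details).
        Response.status(Status.FORBIDDEN)
            .entity(t.getMessage())
            .type(MediaType.TEXT_PLAIN)
            .build());
}

/**
 * Returns {@code candidate} when it is a same-site absolute path that is safe to
 * redirect to, otherwise {@code null}.
 *
 * <p>Accepted: a non-empty value starting with a single {@code '/'} that parses as a
 * URI with neither scheme nor authority. Rejected: anything else, including
 * {@code "//host/..."} and {@code "/\host"}, which browsers treat as network-path
 * references to another host, and values that are not syntactically valid URIs.
 *
 * @param candidate untrusted redirect target, may be {@code null}
 * @return the candidate unchanged if local, else {@code null}
 */
private static String localRedirectTarget(String candidate) {
    if (candidate == null || candidate.isEmpty() || candidate.charAt(0) != '/') {
        return null;
    }
    if (candidate.length() > 1 && (candidate.charAt(1) == '/' || candidate.charAt(1) == '\\')) {
        return null;
    }
    try {
        URI uri = new URI(candidate);
        if (uri.getScheme() != null || uri.getRawAuthority() != null) {
            return null;
        }
    } catch (URISyntaxException e) {
        // Not a parseable URI (e.g. control characters): fall back to the default target.
        return null;
    }
    return candidate;
}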
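/**
 * Form-login endpoint: authenticates the submitted credentials and, on success,
 * binds the user to the request, rotates the session id and answers with a 302
 * to the post-login target.
 *
 * <p>The redirect target is chosen in this order: the value stored under
 * {@code REDIRECT_KEY} in the session, then the {@code return_url} form field,
 * then {@code "/"}. Both candidates are untrusted and are only honoured when they
 * are same-site absolute paths (see {@link #localRedirectTarget(String)}), so a
 * crafted login link cannot bounce a freshly authenticated user to another host.
 *
 * @param username  form field; 400 when absent or empty
 * @param password  form field; 400 when absent or empty
 * @param returnUrl optional {@code return_url} form field, used only if no session target exists
 * @param session   current session, may be {@code null} (then no target is stored/removed)
 * @param ctx       routing context that receives the authenticated user
 * @param auth      authentication provider
 * @return 400 on missing input, 302 on success, 403 when authentication fails
 * @throws URISyntaxException retained for source compatibility; not thrown by this body
 */
@POST
@Path("/loginAuth")
public Single<Response> loginAuth(@FormParam("username") String username,
                                  @FormParam("password") String password,
                                  @FormParam("return_url") String returnUrl,
                                  @Context Session session,
                                  @Context RoutingContext ctx,
                                  @Context AuthProvider auth) throws URISyntaxException {
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        return Single.just(Response.status(Status.BAD_REQUEST).build());
    }
    JsonObject authInfo = new JsonObject().put("username", username).put("password", password);
    return auth.rxAuthenticate(authInfo).map(user -> {
        ctx.setUser(user);
        String storedTarget = null;
        if (session != null) {
            // The user has upgraded from unauthenticated to authenticated: rotate the
            // session id as recommended by OWASP (session fixation).
            session.regenerateId();
            // Read the stored target inside the null guard; the original dereferenced
            // the session unconditionally and would NPE without one.
            storedTarget = session.remove(REDIRECT_KEY);
        }
        String redirectUrl = localRedirectTarget(storedTarget);
        if (redirectUrl == null) {
            redirectUrl = localRedirectTarget(returnUrl);
        }
        if (redirectUrl == null) {
            redirectUrl = "/";
        }
        // Already validated by localRedirectTarget, so URI.create cannot fail here.
        return Response.status(Status.FOUND).location(URI.create(redirectUrl)).build();
    }).onErrorReturn(t ->
        // NOTE(review): the provider's failure message is echoed to the client; this is
        // only acceptable while those messages stay generic (no internal details).
        Response.status(Status.FORBIDDEN)
            .entity(t.getMessage())
            .type(MediaType.TEXT_PLAIN)
            .build());
}

/**
 * Returns {@code candidate} when it is a same-site absolute path that is safe to
 * redirect to, otherwise {@code null}.
 *
 * <p>Accepted: a non-empty value starting with a single {@code '/'} that parses as a
 * URI with neither scheme nor authority. Rejected: anything else, including
 * {@code "//host/..."} and {@code "/\host"}, which browsers treat as network-path
 * references to another host, and values that are not syntactically valid URIs.
 *
 * @param candidate untrusted redirect target, may be {@code null}
 * @return the candidate unchanged if local, else {@code null}
 */
private static String localRedirectTarget(String candidate) {
    if (candidate == null || candidate.isEmpty() || candidate.charAt(0) != '/') {
        return null;
    }
    if (candidate.length() > 1 && (candidate.charAt(1) == '/' || candidate.charAt(1) == '\\')) {
        return null;
    }
    try {
        URI uri = new URI(candidate);
        if (uri.getScheme() != null || uri.getRawAuthority() != null) {
            return null;
        }
    } catch (URISyntaxException e) {
        // Not a parseable URI (e.g. control characters): fall back to the default target.
        return null;
    }
    return candidate;
}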
User user; try { user = await(auth.rxAuthenticate(creds)); }catch(VertxException x) { return Response.status(Status.FORBIDDEN).build();
User user; try { user = await(auth.rxAuthenticate(creds)); }catch(VertxException x) { return Response.status(Status.FORBIDDEN).build();